News

• Current News
• Campus IT Memos
• IT News Archive
• HSC-ITS IT Update
• IT Calendar
• Cool Stuff
• Leadership Home
• OIT Home

A New Spear Phishing Email to U of U Addresses

To:       All University of Utah Campus Members
From:   Chris Kidd, Chief Information Security and Privacy Officer
Subject: A New Spear Phishing Email to U of U Addresses
Date:    June 17, 2008

 

Last week, an email with the Subject: VERIFY YOUR UTAH.EDU WEBMAIL ACCOUNT was received by U of U faculty, staff and students indicating that "www.utah.edu" is going to be upgraded and that we will be "deleting all email account that is not functioning".  The email requested that users
send their email address, username, password and security question/answer in reply.

The sending email address (accountupgrading <webmaster1@utah.edu>) is NOT a University email address and the message was not sent out by a University entity.  The email is a targeted "spear phishing" email.

Immediate Action:

* If you have opened AND replied to the email, change your password immediately through either the Campus Information System: http://www.cis.utah.edu
and/or through your departmental email system.  Notify Information Security Operations at so that we can verify the integrity of your account.

* If you did not reply to the email, your account has not been compromised.  Delete the message.  Contact the Campus Help Desk (581-4000 option 1) or the ITS Help Desk (587-6000) if you have any questions.

* Please notify others in your area to do the same.

We are notifying you to protect your accounts from being compromised and misused.  Remember, the University of Utah would NEVER ask you to provide this type of information through an email system.  The University's Information Security Operations team takes steps to block phishing
websites and email.  Please send any emails you think are "phishy" as attachments to and/or postmaster@utah.edu.  We can then work to prevent future attacks, but you should never assume that all phishers are blocked.  Please protect yourselves from "phishing" attacks.

Thank you,

Chris Kidd
Chief Information Security and Privacy Officer
Compliance Office
The University of Utah
www.compliance.utah.edu

------------------------------------------------------------
Distribution of this message was approved by Stephen Hess, CIO & Associate Vice President for Information Technology, University of Utah, 101 Wasatch Drive, Eccles Broadcast Center, Salt Lake City, UT 84112